Using Health Data for Research: Evolving National Policies

The COVID-19 pandemic has brought to the fore the crucial role that data collection, analysis, sharing, and dissemination play for governments, academic institutions, and private sector businesses racing to advance scientific research to help combat the virus. It also illustrates that data protection safeguards are essential to build public trust for the swift adoption of data-based solutions, such as the myriad efforts related to pandemic related research. The interactions between data protection and scientific research are complex, with privacy and data protection enhancing individuals’ trust and ensuring respect of fundamental rights and ethical standards, while at the same time setting parameters and boundaries for data collection and sharing across organizations and borders. Nowhere is this balancing of interests and rights clearer than in the context of secondary use of healthcare data for scientific research. Countries around the world are charting new paths to seek the insights that health data can reveal while at the same time respecting individual rights.

Even before the pandemic, countries around the world have been developing data governance policies and mechanisms to promote innovation around the use of digital health information while protecting patient privacy expectations and maintain ethical norms. Safeguards for health data sharing may include: 1) ethical review board oversight over data use purpose, and data collection, sharing, and analysis; 2) de-identification of datasets; 3) administrative, technical and contractual safeguards; 4) safeguards around cross border data flows.

The Israel Tech Policy Institute and the Future of Privacy Forum have published a report surveying the legal frameworks for secondary use of healthcare data, including demographics, diagnoses, symptoms, prescriptions, immunizations, tests and other medical conditions, for research purposes in eight countries, including Australia, England, Finland, France, India, Ireland, Israel and the US. The research demonstrates large commonality across legal systems and regimes, permitting secondary use of healthcare data for research purposes under certain conditions, including review by ethical boards, proper de-identification and additional administrative, technical and contractual safeguards.

The questions discussed include under what circumstances ethical review boards scrutinize and approve the use of health data for research?  Who can access health data for research and under what conditions? Under what conditions can data be shared with private for-profit organisations for research within the health-related public interest? What is the standard for
anonymising or de-identifying health data? Are there data localisation requirements for health data?

To download the report press here.